Details of VAR-201904-1461

ID

VAR-201904-1461

CVE

CVE-2018-4346

TITLE

plural Apple Updates to product vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2018-008908

DESCRIPTION

A validation issue existed which allowed local file access. This was addressed with input sanitization. This issue affected versions prior to macOS Mojave 10.14. Apple Has released an update for each product.The expected impact depends on each vulnerability, but can be affected as follows: Detail is Apple See the information provided by. * HTTP Through the client AFP Server attack * Arbitrary code execution * information leak * Buffer overflow * Privilege escalation * Service operation interruption (DoS) * File system tampering * UI Spoofing * Limit avoidance * Cross-site scripting * Address bar impersonation. Apple macOS Mojave is a set of dedicated operating systems developed by Apple for Mac computers. Dictionary is one of the dictionary components. A local attacker could exploit this vulnerability to disclose user information

Trust: 3.24

sources: NVD: CVE-2018-4346 // JVNDB: JVNDB-2018-008908 // JVNDB: JVNDB-2018-014998 // JVNDB: JVNDB-2018-007762 // VULHUB: VHN-134377 // VULMON: CVE-2018-4346

AFFECTED PRODUCTS

vendor:	apple	model:	mac os x	scope:	lt	version:	10.14	Trust: 1.8
vendor:	apple	model:	icloud	scope:	lt	version:	for windows 7.8 earlier	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	12.1 earlier	Trust: 0.8
vendor:	apple	model:	itunes	scope:	lt	version:	12.9.1 earlier	Trust: 0.8
vendor:	apple	model:	macos high sierra	scope:	eq	version:	(security update 2018-001 not applied )	Trust: 0.8
vendor:	apple	model:	macos mojave	scope:	lt	version:	10.14.1 earlier	Trust: 0.8
vendor:	apple	model:	macos sierra	scope:	eq	version:	(security update 2018-005 not applied )	Trust: 0.8
vendor:	apple	model:	safari	scope:	lt	version:	12.0.1 earlier	Trust: 0.8
vendor:	apple	model:	tvos	scope:	lt	version:	12.1 earlier	Trust: 0.8
vendor:	apple	model:	watchos	scope:	lt	version:	5.1 earlier	Trust: 0.8
vendor:	apple	model:	mac os x	scope:	eq	version:	10.12.6	Trust: 0.8
vendor:	apple	model:	mac os x	scope:	eq	version:	10.13.6	Trust: 0.8
vendor:	apple	model:	macos mojave	scope:	lt	version:	10.14 earlier	Trust: 0.8

sources: JVNDB: JVNDB-2018-008908 // JVNDB: JVNDB-2018-014998 // JVNDB: JVNDB-2018-007762 // NVD: CVE-2018-4346

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-4346
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2018-4346
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201810-1472
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-134377
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2018-4346
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2018-4346
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-134377
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-4346
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	1.8
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-134377 // VULMON: CVE-2018-4346 // JVNDB: JVNDB-2018-014998 // CNNVD: CNNVD-201810-1472 // NVD: CVE-2018-4346

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-134377 // JVNDB: JVNDB-2018-014998 // NVD: CVE-2018-4346

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201810-1472

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201810-1472

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-008908

PATCH

title:	About the security content of macOS Mojave 10.14.1, Security Update 2018-001 High Sierra, Security Update 2018-005 Sierra	url:	https://support.apple.com/en-us/HT209193	Trust: 1.6
title:	HT209139	url:	https://support.apple.com/en-us/HT209139	Trust: 1.6
title:	About the security content of iTunes 12.9.1	url:	https://support.apple.com/en-us/HT209197	Trust: 0.8
title:	About the security content of iCloud for Windows 7.8	url:	https://support.apple.com/en-us/HT209198	Trust: 0.8
title:	About the security content of Safari 12.0.1	url:	https://support.apple.com/en-us/HT209196	Trust: 0.8
title:	About the security content of tvOS 12.1	url:	https://support.apple.com/en-us/HT209194	Trust: 0.8
title:	About the security content of iOS 12.1	url:	https://support.apple.com/en-us/HT209192	Trust: 0.8
title:	About the security content of watchOS 5.1	url:	https://support.apple.com/en-us/HT209195	Trust: 0.8
title:	HT209139	url:	https://support.apple.com/ja-jp/HT209139	Trust: 0.8
title:	HT209193	url:	https://support.apple.com/ja-jp/HT209193	Trust: 0.8
title:	Apple macOS Dictionary Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=86450	Trust: 0.6

sources: JVNDB: JVNDB-2018-008908 // JVNDB: JVNDB-2018-014998 // JVNDB: JVNDB-2018-007762 // CNNVD: CNNVD-201810-1472

EXTERNAL IDS

db:	NVD	id:	CVE-2018-4346	Trust: 2.6
db:	JVN	id:	JVNVU96365720	Trust: 1.6
db:	JVN	id:	JVNVU99356481	Trust: 1.6
db:	JVNDB	id:	JVNDB-2018-008908	Trust: 0.8
db:	JVNDB	id:	JVNDB-2018-014998	Trust: 0.8
db:	JVNDB	id:	JVNDB-2018-007762	Trust: 0.8
db:	CNNVD	id:	CNNVD-201810-1472	Trust: 0.7
db:	VULHUB	id:	VHN-134377	Trust: 0.1
db:	VULMON	id:	CVE-2018-4346	Trust: 0.1

sources: VULHUB: VHN-134377 // VULMON: CVE-2018-4346 // JVNDB: JVNDB-2018-008908 // JVNDB: JVNDB-2018-014998 // JVNDB: JVNDB-2018-007762 // CNNVD: CNNVD-201810-1472 // NVD: CVE-2018-4346

REFERENCES

url:	https://support.apple.com/kb/ht209139	Trust: 1.8
url:	https://support.apple.com/kb/ht209193	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4346	Trust: 1.4
url:	https://jvn.jp/vu/jvnvu96365720/	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-4346	Trust: 0.8
url:	https://jvn.jp/vu/jvnvu99356481/index.html	Trust: 0.8
url:	https://jvn.jp/vu/jvnvu96365720/index.html	Trust: 0.8
url:	https://jvn.jp/vu/jvnvu99356481/	Trust: 0.8
url:	https://cwe.mitre.org/data/definitions/20.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	http://seclists.org/fulldisclosure/2018/nov/16	Trust: 0.1

CREDITS

Wojciech Regu?a (@_r3ggi) of SecuRing

Trust: 0.6

sources: CNNVD: CNNVD-201810-1472

SOURCES

db:	VULHUB	id:	VHN-134377
db:	VULMON	id:	CVE-2018-4346
db:	JVNDB	id:	JVNDB-2018-008908
db:	JVNDB	id:	JVNDB-2018-014998
db:	JVNDB	id:	JVNDB-2018-007762
db:	CNNVD	id:	CNNVD-201810-1472
db:	NVD	id:	CVE-2018-4346

LAST UPDATE DATE

2024-11-23T21:06:25.323000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-134377	date:	2019-04-05T00:00:00
db:	VULMON	id:	CVE-2018-4346	date:	2019-04-05T00:00:00
db:	JVNDB	id:	JVNDB-2018-008908	date:	2018-11-01T00:00:00
db:	JVNDB	id:	JVNDB-2018-014998	date:	2019-04-18T00:00:00
db:	JVNDB	id:	JVNDB-2018-007762	date:	2018-09-26T00:00:00
db:	CNNVD	id:	CNNVD-201810-1472	date:	2019-04-10T00:00:00
db:	NVD	id:	CVE-2018-4346	date:	2024-11-21T04:07:14.320

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-134377	date:	2019-04-03T00:00:00
db:	VULMON	id:	CVE-2018-4346	date:	2019-04-03T00:00:00
db:	JVNDB	id:	JVNDB-2018-008908	date:	2018-11-01T00:00:00
db:	JVNDB	id:	JVNDB-2018-014998	date:	2019-04-18T00:00:00
db:	JVNDB	id:	JVNDB-2018-007762	date:	2018-09-26T00:00:00
db:	CNNVD	id:	CNNVD-201810-1472	date:	2018-10-31T00:00:00
db:	NVD	id:	CVE-2018-4346	date:	2019-04-03T18:29:09.377